Port limiting on a Cisco 3550

Discussion in 'Cisco' started by jlamanna, May 6, 2009.

  1. jlamanna

    jlamanna Guest

    I'm trying to limit the total bandwidth on a port (essentially
    bandwidth limiting a customer) for both input and output.
    I've read various articles on how to do this correctly, though I don't
    seem to be able to get something that works effectively.


    Here's parts of a relevant configuration that I think "should" work
    but doesn't appear to:

    mls qos map cos-dscp 0 8 16 24 32 46 48 56
    mls qos min-reserve 5 170
    mls qos min-reserve 6 85
    mls qos min-reserve 7 51
    mls qos min-reserve 8 34
    mls qos
    ip routing

    class-map match-all all-out
    match ip dscp default
    class-map match-all all-in
    match access-group 1
    policy-map limit-out-5mb
    class all-out
    police 5242500 327656 exceed-action drop
    policy-map limit-in-5mb
    class all-in
    police 5242500 327656 exceed-action drop
    interface FastEthernet0/2
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 87
    switchport mode trunk
    speed 100
    duplex full
    auto qos voip trust
    wrr-queue bandwidth 10 20 70 1
    wrr-queue min-reserve 1 5
    wrr-queue min-reserve 2 6
    wrr-queue min-reserve 3 7
    wrr-queue min-reserve 4 8
    wrr-queue cos-map 1 0 1
    wrr-queue cos-map 2 2 4
    wrr-queue cos-map 3 3 6 7
    wrr-queue cos-map 4 5
    priority-queue out
    service-policy input limit-in-5mb
    service-policy output limit-out-5mb

    access-list 1 permit any
    jlamanna, May 6, 2009
    1. Advertisements

  2. jlamanna

    Guest Guest

    mls qos aggregate-policer 5M 5120000 80000 exceed-action drop

    access-list 100 permit ip any any

    mac access-list extended c_all_nonIP
    permit any any
    class-map match-all Got-all-nonIP
    match access-group name c_all_nonIP
    class-map match-all Got-all-IP
    match access-group 100

    policy-map T5M
    class Got-all-IP
    trust dscp
    police aggregate 5M
    class Got-all-nonIP
    police aggregate 5M
    trust cos

    interface fa0/1
    service in T5M
    service out T5M

    Guest, May 8, 2009
    1. Advertisements

  3. jlamanna

    bod43 Guest

    Does that work on a 3550? I don't think so, would
    be very relieved if it does though:)

    As far as I understand it you have to manipulate the input
    and output queues yourself with some low level commands.
    Horrible stuff.
    bod43, May 8, 2009
  4. jlamanna

    Guest Guest

    I can confirm 100% that it does since i took it from my 3550 template.
    why don't you try it!

    Guest, May 9, 2009
  5. That does not work.
    It cannot limit outbound traffic on the interface (if you try to apply
    the service-policy to 'output' you'll notice it does not take effect).
    James Lamanna, May 20, 2009
  6. jlamanna

    Guest Guest

    then apply it INBOUND on the other end of the link /uplink! duh.

    Guest, May 21, 2009
  7. The uplink serves multiple customers and I want to limit 1 customer on
    the switch,
    so limiting the uplink wouldn't make much sense.
    James Lamanna, May 21, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.